i need help (Filecoder)

[heba 0]

Hellow 

I am in big trouble and I think you could help me to solve my problem

I read an article contains you company name  you offer help to some people like me

I am avictim of crypt wall virus  this program I don’t know how  attacked my pc and I found in every folder 4 files called help decrypt  and then I found all my data are crypted by a strong key or something and they but one condition to turn it back by paying 500 dollars and I tried to fix this by my own way I remove the virus but my data  are damaged I try to understand what happen my files all with the same size but did not open nothing inside a photo or video or any file I think some part of each file is missing or in the file header but I couldn't solve it plz if you read my msg and you have any cheap way to retrieve my data back I will be happy of course I don’t have this money if I have it I will pay but I don’t have this big amount  .

If you kindly accept my request just answer me with amsg to this mail   

my pc was infected in 22-02-2015

my info abut this virus is an Ukash hacker   it’s a ransomware virus strong one and this is a photo I found in each folder don't worry its not infected pic

                                                                                                                                                                                                                                                                      

and the txt file also contans this info

 

What happened to your files ?

All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0.

More information about the encryption keys using RSA-2048 can be found here: hxxp://en.wikipedia.org/wiki/RSA_(cryptosystem)

 

What does this mean ?

This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,

it is the same thing as losing them forever, but with our help, you can restore them.

 

 

How did this happen ?

Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.

All your files were encrypted with the public key, which has been transferred to your computer via the Internet.

Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

 

What do I do ?

Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.

If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

 

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:

(removed the links as they were unsafe)

If for some reasons the addresses are not available, follow these steps:

1.Download and install tor-browser: (removed this link too because we all know where to get TOR if we wanted it)

2.After a successful installation, run the browser and wait for initialization.

3.Type in the address bar: (removed this link as it is very unsafe)

4.Follow the instructions on the site.

 

IMPORTANT INFORMATION:

Your personal page: (same, removed this link as it is very unsafe)

Your personal page (using TOR): (removed the links as they were unsafe)

Your personal identification number (if you open the site (or TOR 's) directly): (removed this info because googling it can result in an infection)

[JavierSeguraNA 36]

Hello heba, 

 

I removed all the links except for the wikipedia link because linking in that fashion is against our forum rules for safety reasons. I am approving the post because the content is relative to our interests and I believe people might benefit from the insights shared by our intelligent forum members. 

[yongsua 16]

Hi heba, welcome to ESET forum. I would like to suggest you to refer to Geeks to Go forum as it is specialized in helping users to remove malware and restore system. Here is the link: hxxp://www.geekstogo.com/forum/

 

Kindly refer to it and post your issue at the Security-Virus, Spyware, Malware removal section. Next time, in order to prevent Cryptolocker attack in the future, kindly install this CryptoPrevent (a tool that blocks cryptolocker and other similar attack by other malware). hxxp://www.foolishit.com/vb6-projects/cryptoprevent/

 

Trust me, this will be a tool that is recommended by the malware experts at Geeks to Go forum after they get your system cleaned. They will use also some sort of system analysis tools like Farbar Recovery to perform analysis in your system. Kindly cooperate with them. Thank You.

Edited March 7, 2015 by yongsua

[yongsua 16]

Hi, in order to make the job easier and faster for the Geeks to Go forum helper, I would like to suggest to perform some analysis in your system prior to posting your issue at that forum.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.

 

 

• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

Kindly attach your FRST.txt and Addition.txt on your post at Geeks to Go forum. Thank You.

[Marcos 5,070]

Your filed were encrypted by Filecoder.CR. Decryption is not possible and the only way how to recover the files is from a backup.

[TomFace 539]

Marcos, does ESET SS8 (or HitmanPro.Alert) protect against Filecoder.CR?

 

Another good reason to keep current on your backups.

[Marcos 5,070]

Haven't seen a new variant of Filecoder.CR for a long time. It's Filecoder.DA aka CTB Locker which has been spreading recently. Although ESET is excellent at protecting against zero-day malware and especially Filecoders when latest version of ESET products are used and all protection features are enabled, there's nothing like 100% guarantee that every new variant will always be detected. Even the forum of a competetive Russian AV has recently been full of complaints from users who got their files encrypted.

[rugk 397]

More about CTB Locker you can find on these sites:

• CTB-Locker: Multilingual Malware Demands Ransom
• CTB Locker and Critroni Ransomware Information Guide and FAQ

[Marcos 5,070]

Text alignment changed. Off-topic posts removed or edited.